
package com.yuke.cloud.service.cmc.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

import javax.servlet.http.HttpServletResponse;

/**
 * The class Resource server config.
 *
 * @author
 */
@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
    @Value("${spring.profiles.active}")
    private String env;//当前激活的配置文件

    @Autowired
    private PermitAllSecurityConfig permitAllSecurityConfig;

    @Override
    public void configure(HttpSecurity http) throws Exception {
        // mod by wg 20181217
        if ("dev".equals(env)) {  //开发环境不做验证
            http
                    .headers().frameOptions().disable()
                    .and()
                    .csrf().disable()
                    .exceptionHandling()
                    .and()
                    .apply(permitAllSecurityConfig)
                    .and()
                    .authorizeRequests().antMatchers("/").permitAll();
        } else {
            http
                    .headers().frameOptions().disable()
                    .and()
                    .csrf().disable()
                    .exceptionHandling()
                    .authenticationEntryPoint((request, response, authException) -> response.sendError(HttpServletResponse.SC_UNAUTHORIZED))
                    .and()
                    .authorizeRequests().antMatchers("/pay/alipayCallback", "/order/pay/notify", "/wxpay/notifyWeiXinPay",
                    "/bill/billpay/AliNotify", "/bill/billpay/WxNotify","/druid/**", "/swagger-ui.html", "/swagger-resources/**",
                    "/v2/api-docs", "/api/applications","/mall/**").permitAll()  // add by wg 20181221 APP不用登录也可以访问的接口
                    .anyRequest().authenticated();
        }
    }
}
